Wi-Fi roaming is often a tumultuous subject. The crux of the issue is that with Wi-Fi, the roaming decision is left to the client.

In recent years, there have been great strides in improving Wi-Fi roaming with the creation of standards-based roaming technologies. Cisco first pioneered fast roaming many years ago with CCKM (Cisco Centralized Key Management), which was the foundation for 802.11r. 802.11r, ratified by the IEEE in 2008, allows for fast roaming even on a secure 802.1X SSID, because the client's keys for the target AP are derived from the existing key hierarchy instead of repeating the full 802.1X/EAP exchange on every roam. With 802.11r it is possible to roam without disruption during a voice or video call.

While client support of 802.11r is largely lacking in the laptop space, there is broad support in the smartphone realm. Apple iOS devices have supported 802.11r since iOS 6 (http://support.apple.com/kb/HT5535). Recent Samsung smartphones, such as the Galaxy S4, S5, and Note 3, also support 802.11r.

Note: Some non-802.11r clients can react adversely when connected to an 11r WLAN. The current recommendation from Cisco is to have a separate WLAN for 802.11r clients.

802.11k is another IEEE amendment that helps to improve roaming. It provides the client with a wealth of information about the RF environment, such as channel load and AP neighbor lists, so the client can make an informed roaming decision instead of scanning every channel to discover candidate APs.

802.11r and 802.11k help; however, that does not mean the infrastructure is irrelevant in the roaming picture. With the help of a model train, we did some testing to figure out just how much impact the infrastructure could have. We compared Cisco to one of our competitors, which we will call Vendor A.

This video summarizes the results and shows the train in action, or continue reading for more details.

Ethernet switches fall into two broad categories: Modular and Fixed Configuration.

Modular switches, as the name implies, allow you to add expansion modules as needed, giving the most flexibility to address changing networks. Expansion modules include application-specific modules (such as firewall, wireless, or network analysis), modules for additional interfaces, power supplies, and cooling fans. The Cisco Catalyst 4K and 6K are good examples of Modular switches.

Fixed Configuration switches are switches with a fixed number of ports and are typically not expandable. This category is discussed in further detail below. Cisco Catalyst 2K, 3K and the Cisco 300/500 series are good examples of Fixed Configuration switches.

Let me say up front that there are variations to the categories below as switch makers are constantly adding capabilities and evolving the categories, but the broad essence remains the same.

The Fixed configuration switch category is further broken down into:

– Unmanaged Switches

– Smart Switches

– Managed L2 and L3 Switches

Unmanaged Switches:

This category of switch is the most cost effective for deployment scenarios that require only basic layer 2 switching and connectivity. As such, they fit best when you need a few extra ports on your desk, in a lab, in a conference room, or even at home.

With some Unmanaged switches in the market, you can even get capabilities such as cable diagnostics, prioritization of traffic using default QoS settings, Energy savings capabilities using EEE (Energy Efficient Ethernet) and even PoE (Power Over Ethernet). However, as the name implies, these switches generally cannot be modified/managed. You simply plug them in and they require no configuration at all.

Smart Switches:

This category of switches is the most blurred and fastest changing. The general rule is that these switches offer some level of management, QoS, security, and so on, but are lighter in capabilities and less scalable than Managed switches, which makes them a cost-effective alternative. As such, Smart switches fit best at the edge of a large network (with Managed switches in the core), as the infrastructure for smaller deployments, or for low-complexity networks in general.

The capabilities available in the Smart switch category vary widely. All of these devices have a management interface; historically a browser-based interface was the only way to configure them, though nowadays some can also be managed through a CLI and/or SNMP/RMON. Regardless, these capabilities are lighter than what you will find in Managed switches, and the management interface is typically more simplified.

Smart switches allow you to segment the network into workgroups by creating VLANs, though with a lower number of VLANs and nodes (MAC addresses) than you’d get with a Managed switch.

They also offer some security features, such as 802.1X endpoint authentication and, in some cases, a limited number of ACLs (access control lists), though the level of control and granularity is not the same as on a Managed switch.

In addition, Smart switches support basic quality of service (QoS) that prioritizes users and applications based on the 802.1p priority carried in the 802.1Q tag, IP ToS, or DSCP, making them quite a versatile solution.

Managed Switches:

Managed switches are designed to deliver the most comprehensive set of features: the best application experience, the highest levels of security, the most precise control and management of the network, and the greatest scalability in the Fixed Configuration category. As a result, they are usually deployed as aggregation/access switches in very large networks or as core switches in smaller networks. Managed switches typically support both L2 switching and L3 IP routing, though some offer only L2 switching.

From a security perspective, Managed switches protect the data plane (user traffic being forwarded), the control plane (traffic exchanged between network devices so that user traffic reaches the right destination), and the management plane (traffic used to manage the network or the device itself). Managed switches also offer storm control, denial-of-service protection, and much more.

Managed switches are rich in features that protect the switch itself and the network from deliberate or unintended denial-of-service attacks and from spoofing of the first hop. These include Dynamic ARP Inspection (which validates ARP packets against the DHCP snooping binding table), IPv4 DHCP snooping (which drops DHCP server messages arriving on untrusted ports), IPv6 First Hop Security with RA Guard, ND Inspection, Neighbor Binding Integrity, and much more.

From a Scalability perspective, these devices have large table sizes so that you can create large numbers of VLANs (for workgroups), devices (MAC table size), IP routes, and ACL policies for flow-based security/QoS purposes, etc.

For the highest network availability and uptime, Managed switches support L3 redundancy using VRRP (Virtual Router Redundancy Protocol), large numbers of link aggregation groups (used for both bandwidth and resiliency), and L2 protection features such as Spanning Tree Root Guard and BPDU Guard.
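As an added example (not configuration from the original post), here is the kind of Cisco IOS configuration that turns the features named in the last few paragraphs into an access-switch baseline: DHCP snooping feeding Dynamic ARP Inspection, IPv6 RA Guard, the 802.1X endpoint authentication mentioned under Smart switches, storm control, and BPDU Guard/Root Guard. The VLAN number, the port numbers, the RADIUS server address 192.0.2.10, and the names LAB-RADIUS and HOST-PORTS are placeholders I chose, not values from the post.

```cisco
! Added example, not from the original post. Cisco IOS access-switch
! hardening baseline. VLAN 10, the port numbers, the RADIUS server
! 192.0.2.10 and the names LAB-RADIUS / HOST-PORTS are placeholders.
!
! 802.1X: authenticate endpoints against a RADIUS server before an
! access port forwards traffic.
aaa new-model
radius server LAB-RADIUS
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
aaa authentication dot1x default group radius
dot1x system-auth-control
!
! DHCP snooping: only trusted ports may carry DHCP server messages;
! the resulting IP-to-MAC binding table is what DAI checks against.
ip dhcp snooping
ip dhcp snooping vlan 10
! Do not insert option 82 unless the DHCP server expects it.
no ip dhcp snooping information option
!
! Dynamic ARP Inspection: on untrusted ports, drop ARP packets whose
! sender IP/MAC pair is not in the snooping binding table.
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! IPv6 RA Guard policy for host-facing ports: drop any Router
! Advertisement a host tries to send (rogue RA or RA flood).
ipv6 nd raguard policy HOST-PORTS
 device-role host
!
! Uplink to the distribution layer: the one port trusted to carry
! DHCP offers, ARP replies for any address, and IPv6 RAs.
interface GigabitEthernet1/0/49
 description uplink to distribution
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Host ports: untrusted for DHCP/ARP/RA, 802.1X-gated, rate-limited,
! storm-controlled, and err-disabled on receipt of any STP BPDU.
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport access vlan 10
 authentication port-control auto
 dot1x pae authenticator
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ipv6 nd raguard attach-policy HOST-PORTS
 storm-control broadcast level 1.00
 storm-control multicast level 1.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Downlink to a switch that must never become the STP root:
! Root Guard err-disables the port if a superior BPDU arrives.
interface GigabitEthernet1/0/48
 description downlink to lab switch
 switchport mode trunk
 spanning-tree guard root
!
! Recover err-disabled ports automatically (default 300 s) so one
! misbehaving host does not require a manual shutdown/no shutdown.
errdisable recovery cause bpduguard
errdisable recovery cause arp-inspection
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause storm-control
```

To confirm the protections are actually engaging rather than just configured: `show ip dhcp snooping binding` lists the leases DAI will trust (an empty table on a populated VLAN usually means the uplink was never marked trusted and offers are being dropped); `show ip arp inspection statistics vlan 10` counts dropped ARPs; `show ipv6 nd raguard policy HOST-PORTS` and `show dot1x interface GigabitEthernet1/0/1` show the policy and authenticator state; and `show interfaces status err-disabled` lists ports taken down by BPDU Guard, Root Guard, storm control, or the rate limits.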

When we talk about QoS and Multicast features, the richness of capabilities goes far beyond what you’d see in a Smart Switch. Here you’d see things such as IGMP and MLD Snooping with Querier functions for optimizing IPv4/v6 multicast traffic in the LAN, TCP Congestion Avoidance, 4 or 8 queues to treat traffic differently by importance, setting/tagging traffic by L2 (802.1p) or L3 (DSCP/TOS), and rate limiting traffic.

Managed switches can go even further than what I've highlighted. For example, there's even richer support for dynamic unicast and multicast routing protocols, deeper flow intelligence or macro flow statistics with NetFlow/sFlow, Non-Stop Forwarding, MPLS/VRF support, policy enforcement, and many others.

Now, to take a deeper dive into these switch categories and talk about various options, you can select the switches based on:

- Speed

- Number of ports

- PoE versus non-PoE

- Stackable versus Standalone

Speed:

You can find Fixed Configuration switches in Fast Ethernet (10/100 Mbps), Gigabit Ethernet (10/100/1000 Mbps), Ten Gigabit (10/100/1000/10000 Mbps), and even some 40/100 Gbps speeds. These switches have a number of uplink ports and a number of downlink ports: downlinks connect to end users, and uplinks connect to other switches or to the network infrastructure. Currently, Gigabit is the most popular interface speed, though Fast Ethernet is still widely used, especially in price-sensitive environments. Ten Gigabit has been growing rapidly, especially in the datacenter, and, as the cost comes down, it will continue to expand into more network applications. With 10GBASE-T copper interfaces being integrated into LOM (LAN on Motherboard) and 10GBASE-T switches becoming available now (see the new Cisco SG500XG-8F8T 16-port 10-Gigabit switch), building a storage or server farm with 10 Gigabit interfaces has never been easier or more cost-effective. 40G/100G is still emerging and will be mainstream in a few years.

Number of ports:

Fixed Configuration switches typically come in 5, 8, 10, 16, 24, 28, 48, and 52-port configurations. These ports may include SFP/SFP+ slots for fiber connectivity, but more commonly they are copper ports with RJ-45 connectors on the front, allowing for distances up to 100 meters. With fiber SFP modules, you can reach distances up to 40 kilometers, depending on the optic and fiber type.

PoE versus non-PoE:

Power over Ethernet is a capability that facilitates powering a device (such as an IP phone, IP Surveillance Camera, or Wireless Access Point) over the same cable as the data traffic. One of the advantages of PoE is the flexibility it provides in allowing you to easily place endpoints anywhere in the business, even places where it might be difficult to run a power outlet. One example is that you can place a Wireless Access Point inside a wall or ceiling.

Switches deliver power according to a few standards: IEEE 802.3af delivers up to 15.4 W on a switch port, whereas IEEE 802.3at (also known as PoE+) delivers up to 30 W on a switch port. For most endpoints, 802.3af is sufficient, but some devices, such as video phones or access points with multiple radios, have higher power needs. It's important to point out that other PoE standards currently being developed will deliver even higher levels of power for future applications (this work became IEEE 802.3bt, which raises the per-port budget to 60 W and 90 W). Switches have a power budget set aside for running the switch itself, and also an amount of power dedicated to PoE endpoints; check that this total PoE budget covers the combined draw of all the endpoints you plan to connect, not just the per-port maximum.

To find the switch that is right for you, all you need to do is choose a switch according to your power needs. When connecting to desktops or other types of devices which do not require PoE, the non-PoE switches are a more cost-effective option.

Stackable versus Standalone:

As the network grows, you will need more switches to provide network connectivity to the growing number of devices in the network. When using Standalone switches, each switch is managed, troubleshot, and configured as an individual entity.

In contrast, Stackable switches provide a way to simplify and increase the availability of the network. Instead of configuring, managing, and troubleshooting eight 48-port switches individually, you can manage all eight as a single unit using stackable switches. With a true Stackable switch, those eight switches (384 ports total) function as a single switch: there is a single SNMP/RMON agent, a single Spanning Tree domain, and a single CLI or web interface, i.e. a single management plane. You can also create link aggregation groups spanning multiple units in the stack, port-mirror traffic from one unit in the stack to another, or set up ACLs/QoS spanning all the units. There are valuable operational advantages to be gained by this approach.

Here's a word of warning. Be careful about products in the market which are sold as "Stackable" when they merely offer a single user interface, or central management interface, for getting to each individual switch unit. This approach is not stacking but really "clustering". You still have to configure every feature such as ACLs, QoS, port mirroring, etc. individually on each switch. Use the following as proof points: can I create a link aggregation group with one port in one unit of the stack and another port of that group in another unit of the stack? Can I select a port on one unit in the stack and mirror the traffic to a port on another unit of the stack? When I configure an ACL for security purposes, can I apply it to any port on any unit in the stack? If the answer is "No" to any of these questions, you're probably not working with a stackable switch.
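As an added example (not from the original post), here are the three proof points above written as Cisco IOS configuration on a three-member stack, where every port is named member/module/port. The member, port and VLAN numbers and the ACL name DENY-TELNET are placeholders I chose. On a true stack all of this is typed once on the active member; on a clustered product the second port in each pair lives on a separate device, and the command has to be repeated there, if it is accepted at all.

```cisco
! Added example, not from the original post. Cisco IOS on a stack of
! three switches; member and port numbers and the ACL name are
! placeholders. "show switch" lists the members and the Active unit.
!
! 1. Link aggregation group with one port on unit 1 and one on unit 2:
!    the uplink survives the loss of an entire stack member.
interface range GigabitEthernet1/0/49 , GigabitEthernet2/0/49
 description uplink to distribution, one port per stack member
 channel-group 1 mode active
interface Port-channel1
 switchport mode trunk
!
! 2. Port mirror (SPAN) from a host port on unit 1 to an analyzer
!    attached to unit 2.
monitor session 1 source interface GigabitEthernet1/0/5 both
monitor session 1 destination interface GigabitEthernet2/0/48
!
! 3. One ACL defined once and applied to ports on units 1 and 3.
ip access-list extended DENY-TELNET
 deny tcp any any eq 23
 permit ip any any
interface GigabitEthernet1/0/7
 ip access-group DENY-TELNET in
interface GigabitEthernet3/0/7
 ip access-group DENY-TELNET in
```

`show etherchannel summary` should list both member ports under Po1 with the bundled flag, `show monitor session 1` should show the cross-unit source and destination, and `show ip access-lists DENY-TELNET` should show a single ACL with hit counters accumulating from both units; if any of these has to be repeated per unit, the product is clustering, not stacking.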

There are other advantages of True Stacking as well. You can connect the stack members in a ring such that, if a port or cable fails, the stack will automatically route around that failure, many times at microsecond speeds. You can also add or subtract stack members and have it automatically recognized and added into the stack.

You’re probably thinking: Chris, you’re a leader at Cisco, of course you want me to migrate to 802.11ac. That, my friends, is where you are wrong. There is no simple answer to the question of whether you should move your network to 802.11ac. Here’s my simple rule of thumb:

There is no premium for 802.11ac from Cisco. If you are deploying new access points today, you should be buying 802.11ac. If you're not buying, you are probably satisfied with your network and how it will handle the growth of more and more clients associating with your network and the bandwidth demands that come with that client demand. If you feel you have a plan to handle this demand, then you are one of the few that can pass on 802.11ac.

That said, there is a strong ramp-up for Cisco 802.11ac products in the market: the AP3700 is the fastest-ramping access point in our history, and we have yet to see whether the AP2700 will claim that crown in the coming months. ABI Research estimates that currently 50% of new device introductions are 802.11ac enabled, a statistic expected to increase to 75% by the end of 2015. This is enough proof of the overwhelming interest in adding the benefits of 802.11ac to networks. Let's take a step back and consider the basics of why people are moving to the new standard.

Why .11ac?

Today, everything is about getting what we want, when we want it. Instant gratification. It's not just the millennials; we've all been conditioned to expect things within seconds. Could you imagine the days pre-Internet if you had the capability for on-demand movies?

First we rolled out the MSE tech blog series to give our customers an in-depth look at the various features of the location-based technology behind Cisco's Mobility Services Engine (MSE) and Connected Mobile Experiences (CMX) solution. Now, we're kicking off a CMX Techtorial video series to provide a visual and helpful walkthrough of how to get started with CMX and location-based services.

First up, we have the charismatic Darryl Sladden, Technical Marketing Manager for CMX, taking us through CMX 7.6 Analytics. In this quick video, Darryl will cover:

Organizations are moving from just dealing with bring your own device (BYOD) and the influx of mobile devices to proactively developing solutions that use the full power of mobility. Because of the complexities and fluid technology horizon, this is often simpler said than done. Now you can simplify and accelerate your mobility projects by deploying a comprehensive mobility solution that has been tested and validated end to end.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco.